Nearly all of the FTSE 100 exposed to possible supply chain security issues


Despite heavy investment and mostly significant improvements in cybersecurity posture, almost all FTSE 100 organizations in the UK, and elsewhere around Europe, are susceptible to cyberattacks, new research has said.

A report from SecurityScorecard claims these major organizations still suffer cyberattacks through third-party compromise. 

“Many companies have increased the cyber protection of their ‘front doors’ through measures such as firewalls, stronger passwords, and multi-factor identification,” the organization said. “As a result, adversaries seek other ways to get in. Often, that means coming in through third-party vendors’ systems.”

Unwitting Trojan Horse

And come in they do. Almost all (97%) of the UK’s largest companies suffered a breach in their third-party ecosystem in the last 12 months. To make things worse, the situation is equally bad in the neighborhood: 94% of German, 98% of French, and 95% of Italian organizations suffered the same fate.

“Using an organization as an unwitting Trojan Horse is far easier than directly compromising a major company with a fully staffed Security Operations Center and several layers of security controls,” the company concludes.

Yet not all organizations are built the same. Those in Energy and Basic Materials verticals are faring relatively well, with just 12% and 16% of these companies, respectively, having a third-party breach. What’s more, none of them received a C rating, or lower. The Financial sector was ranked second-best, counting just 5% of companies with a C rating or lower.

On the other end of the spectrum are organizations in the Communications industry, with 70% scored C or lower. 

Last year, 12% of FTSE 100 organizations in the UK suffered a data breach, as well as 8% of German, 7% of French, and 3% of Italian companies.

“All companies should prioritize improving application and network security,” the press release concludes. “These two aspects are fundamental to safeguarding against a wide range of cyber threats. Any company—regardless of size, industry, value, or revenue—can be a target for cybercriminals if it doesn’t have strong cyber defenses.”


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.